General

  • Target

    ElectrickLaucnher.exe

  • Size

    492KB

  • Sample

    240625-m22j3awaja

  • MD5

    baf6cb0ed8babd0ffc1e767a5300b053

  • SHA1

    a8e13b343328f70a3a818d6d37a5061c8160a611

  • SHA256

    e163715d3b507c281af3001a7eb730e3ea31039a74515bea1b2ef85bc235dab7

  • SHA512

    67aee19bde3fca6d3efd995a65f980992d3750906af34aaaa6da7c2ab416a72eea60587c6d9e543f48bfe4299aab938dc5f566c5c9603a3c1c5ecfd7b7e84644

  • SSDEEP

    6144:nloZM+rIkd8g+EtXHkv/iD4j1LRIv5BcwC8e1m4izv1DhAYkNRRg:loZtL+EP8ZLRIv0BkhDhA/Nfg

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1253696360826277898/-BdTJ1xhz_Es4g24ARs5MHQVUh1HEQotWpFkKFvRuKFLMkn_p-6f9C9IrD3HoSbE8v0P

Targets

    • Target

      ElectrickLaucnher.exe

    • Size

      492KB

    • MD5

      baf6cb0ed8babd0ffc1e767a5300b053

    • SHA1

      a8e13b343328f70a3a818d6d37a5061c8160a611

    • SHA256

      e163715d3b507c281af3001a7eb730e3ea31039a74515bea1b2ef85bc235dab7

    • SHA512

      67aee19bde3fca6d3efd995a65f980992d3750906af34aaaa6da7c2ab416a72eea60587c6d9e543f48bfe4299aab938dc5f566c5c9603a3c1c5ecfd7b7e84644

    • SSDEEP

      6144:nloZM+rIkd8g+EtXHkv/iD4j1LRIv5BcwC8e1m4izv1DhAYkNRRg:loZtL+EP8ZLRIv0BkhDhA/Nfg

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks